Simplifying IT for You

Category: advice

We tend to measure people’s value by their accomplishments. When it comes to Steve Jobs, his legacy is based on transformational leadership that launched innovations and impacted high-tech and other industries for more than 30 years. But more important, he left a digital footprint that will forever be embedded in our collective consciousness.His success is so astonishing that millions (billions?) of people have either read Walter Isaacson’s book “Steve Jobs,” watched the bio pic movies “Jobs,” and “Steve Jobs,” or viewed the recent Discovery Channel feature “Steve Jobs: The Man in the Machine” to gain a glimpse and learn some lessons about Jobs’ legendary life and career. After 570+ pages of reading and more than 6 hours of video, I gained an even greater appreciation and knowledge of how he and his colleagues, including Steve Wozniak, took Apple from a garage startup to one of the highest valued corporations. Issacson closes his book with an amazing summary of the major contributions by Jobs and Apple:

Apple II: Over 20 years ago, I was fortunate enough to tell Steve Wozniak in person how the Apple II fundamentally changed my life. It inspired me and many others to follow a career in high tech. We didn’t know it at the time, but his vision of the future of the PC and computing included every man, woman, and child – not just scientists and geeks. It was an important catalyst of IDC’s 2nd and 3rd Platform and transformed generations as a pervasive and transformational technology.

LISA and the Macintosh: While Xerox PARC pioneered the graphical user interface and the mouse for user access, Jobs and Apple drove the home computer revolution. LISA and Macintosh enabled the rise of the PC as a consumer appliance for information access and the enablement of nearly infinite creativity. This killer innovation brought computer use to the masses, and its impact cannot be understated.

iPad: As an extension of the PC, Jobs added consumption and networked computing experiences that paved the way for the information appliance. The rise of the iPad enabled ubiquitous access to information and entertainment and inspired entirely new content creation industries. The iPad to me is the ultimate fruition of the “information appliance” we talked about close to 30 years ago.

iPod: Not only has the device changed how we consume music, but also how we purchased it legally. The iPod proved to be a creative solution to years of music piracy through the likes of Napster. Ironic enough, Jobs always viewed himself and his colleagues as pirates, even once flying a pirate flag over Apple offices! The app store is an extension and example of consumption-based software and how small chunks and apps can transform the software business.

Apple Store: For many, the digital storefront is a favorite place to experience the buzz around Apple products that users truly love. In fact, when Jobs passed away, it inspired millions of people to mourn someone they had never met, but whom they felt his impact. In some ways, the Apple Store is like the computer hobbyist meetings and events Jobs and Wozniak visited years back. But it’s on a massive scale with appeal across the entire population.

Apple iCloud: Inspired and brought to fruition by Jobs and Apple, Apple iCloud is an evolutionary technology, an amazing proof-point of what cloud computing is and will be. The ability to decentralize information and content management from single devices (like the hierarchical PC computing model of old) to synchronizing data across devices and within a central, secure place for content, music, pictures, and videos was a revolution in itself.

Pixar: If these technological breakthroughs weren’t enough, Jobs created Pixar by acquiring Lucas Films’ Industrial Light and Magic and creating a new cultural phenomenon beginning with Toy Story and continuing to this day with Finding Dory. Beyond the creative side, Pixar created a digital revolution that we are only now starting to see the ultimate impact.

I was blown away by this list and each product’s influence. Just one of these innovations would have enabled Jobs to go down in history as a pioneer and real genius. But looking at these holistically, he helped create a new digital economy and a brave new world enabled by digital transformation.

“Steve Jobs: The Man in the Machine” showcased that the legacy of Jobs is not only preserved in the “things” and products he enabled, but also in the essence of the man himself. At Jobs’ memorial service, a version of a “Think Different” commercial was played – but instead of Richard Dreyfuss, Jobs voiced the 60-second spot himself.

In his book, Isaacson writes that Jobs himself penned the line “they push the human race forward.” Talk about a mesmerizing legacy and a fitting tribute to the “Man in the Machine.” His genius has indeed helped to change the world.

Here’s to the crazy ones.
The misfits.
The rebels.
The troublemakers.
The round pegs in the square holes.
The ones who see things differently.
They’re not fond of rules.
And they have no respect for the status quo.
You can quote them, disagree with them,glorify, or vilify them.
About the only thing you can’t do is ignore them.
Because they change things.
They push the human race forward.
While some may see them as the crazy ones, we see genius.
Because the people who are crazy enough to think
they can change the world are the ones who do.

Isaacson writes that Jobs himself penned the line “they push the human race forward” and his genius has indeed helped to change the world.

Fred is the senior director and head of Thought Leadership for Digital Business Services Marketing at SAP.

Introduction

The new SAP HANAMultitenant Database Containers (MDC) feature, which was introduced last week in the Free Developer Edition of the SAP HANA Cloud Platform not only gives you a development experience much closer to a productive HANA instance, it also allows for much more freedom in configuring your HANA than the old HANA trial instances based on shared databases.

In the old HANA trial offering, the servers were preconfigured to use SAML authentication with the SAP Identity Provider for your HANA XS applications, and there was no option to change that. With the new MDC trial systems, you now have a choice between form-based authentication and SAML support using an identity provider of your choice (including On-Premise IDPs).

When configuring your XS application to use SAML, the authentication is handled by an Identity Provider Service (IDP)instead of adding user management in the HANA system. The IDP will authenticate the user either by username and password, or by certificate. This allows for single sign-on (SSO) scenarios and thus improves largely the user experience.

To make this scenario possible, a trust relationship between your HANA database and the IDP needs to be set up, meaning that you need to register your HANA instance, the Service Provider in the IDP and vice versa.

Once this is done you can configure the applications running on your HANA instance to use SAML authentication: if you open the UI for such an XS application in your browser, the request is redirected to the IDP, which will take care of the user authentication. Once the user’s identity is verified, the IDP sends the request back to the HANA application – including the information about the user. The application can then perform the authorization check based on the verified information about who was sending the request and decide if the user is allowed to perform the requested operation.

Note: the described procedure is specifically tailored to be used with HANA SPS10 (tested with revision 102.3, which is currently being used for the HANA MDC trial systems). There are a few places which look and feel like a workaround (feel free to apply the duck test to this statement). This will become easier in the future, and hopefully once SPS11 becomes available I will be able to replace these steps with a something simpler.

But now, without further ado, let’s jump right into the nitty gritty belly of the beast…

What You Need

There are a few things you need before we start:

A Web browser (I was using Google Chrome).

A tenant database on a SAP HANA Multitenant Database Containers system. You can get one following the instructions in the blog by Ekaterina Mitova.

A tool to generate the certificate for your Service Provider with. I will use OpenSSL in this blog. (If you are using a Mac or Linux system, chances are that it is already installed.)

A tenant in an IDP Service with privileges to register service providers and manage users. I will use a tenant from an SAP test IDP in this blog.

Preparing Your HANA Tenant Database

After you have created the Trial instance following Ekaterina’s blog, you need to assign some privileges to an administration user in the HANA system. To keep it simple for this blog, we are using the SYSTEM user for that – something you should not do in a productive system!

In the database overview of the SAP HANA Cloud Platform Cockpit click on the SAP HANA Cockpit link:

In the SAP HANA Cockpit UI click on Manage Roles and Users:

In the security management UI select the SYSTEM user from the user list and assign these roles:

sap.hana.security.base.roles::HANACertificateAdmin

sap.hana.security.base.roles::HANACertificateView

sap.hana.security.cockpit.roles::DisplayCertificateStore

sap.hana.xs.lm.roles::Developer

sap.hana.ide.roles::Developer

sap.hana.xs.admin.roles::SAMLAdministrator

sap.hana.xs.admin.roles::RuntimeConfAdministrator

Note: in case you want to create a new user for administration of certificates, you also need to grant the system privilege CERTIFICATION ADMIN. The SYSTEM user already has this by default.

Creating a Hello World Application

Let’s first create the HANA XS application we want to protect with SAML authentication in this blog. This is pretty easy using the SAP HANA Web-based Development Workbench.

Click on the SAP HANA Web-based Development Workbench link in the SAP HANA Cloud Platform Cockpit. A new UI opens.

In this new UI, click on Editor

Create a new sub-package within the public package

In the context menu for the new sub-package, select Create Application

Select Template “HANA XS Hello World” and click on Create

You should now see something like this:

Testing the Hello World Application

Click on the activate and run button:

Now the Hello World application will start in a new browser tab.

Click on the Call Backend” button: you should now see the message “Hello World from User SYSTEM”

Since you were already logged on to the HANA instance with the SYSTEM user in this browser, the new browser tab was opened with the same identity. Try opening the application by copying the URL into a private browsing window or another browser. You should be prompted with the normal HANA logon screen.

Note down the application URL. We’ll want to use it later when we test the SAML authentication.

Creating Your Service Provider Certificate

The Service Provider certificate is the “passport” with which your HANA instance will authenticate itself to the IDP. For productive purposes you will want to get an official certificate, signed by a trusted certification authority. For this trial scenario we will just create a self-signed certificate ourselves.

Create the certificate with OpenSSL

OpenSSL is a command tool, and once it is installed you can create a self-signed certificate by calling the tool in a command shell like this (all in one line):

Note: I didn’t check if the example domain name I used ‘trust.no.one’ is actually registered by anyone. You can use your domain instead.

This command will produce two files:

certificate.key: the private key. Never share this with anyone for a productive use-case!

certificate.crt: the public certificate for your service provider

Register the Certificate in Your HANA Instance

Connect to the Tenant DB via HANA Studio (add cloud system). Unfortunately, the SQL editor in the SAP HANA Web-based Development Workbench (aka Web IDE) does not seem to work for some of the multiline statements we are about to use.

Create a PSE Container

In an SQL editor execute the following command:

CREATE PSE TrustMe;

Assign the PSE Store For SAML Use

Execute this statement:

SET PSE TrustMe PURPOSE SAML;

Register the Service Provider Certificate

For the following statement use the values from the certificate.crt (replace the part between the Begin/End Certificate tags) and from the certificate.key file from (the part between the Begin/End Private RSA Key tags). You should end up with something like this:

ALTER PSE TrustMe SET OWN CERTIFICATE ‘—–BEGIN CERTIFICATE—–

MIIDKTCCAhGgAwIBAgIJAL0Qouc1TloGMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV

BAMTDHRydXN0Lm5vLm9uZTAeFw0xNjAxMjExNjExMDVaFw0xODExMTAxNjExMDVa

MBcxFTATBgNVBAMTDHRydXN0Lm5vLm9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEP

ADCCAQoCggEBAMNu3KJ8f1N2jFhorBvBU9jcjG/0xV+T54iVlN+qwGFc6YbCZbr/

sFx97c3wM+qdUvXncyRYeLMpTzbg/muogmIVV07qyxd/S8vsseHlQthcQinCoz81

H99ivtKRpQ/swHwanPuDtoQCcTppMtqaxhhOjEhV4jI3iMjNeOfFoRhzNSz7IvRg

5xG/uYicmpFBYo6ySPrbtnRn5nUo9OMlXFQSW7L562oDmomWjmysvdkV1ghBN2LI

wVSNp07pJt0TM33SIOJZQqY2eB6YYKjLQx+t7EMySfHSZdBZ9e3M0LTlaYR1O/Vp

LLaOuuM1DSBznw5Z8T/1KThvpT0rBTEx+kkCAwEAAaN4MHYwHQYDVR0OBBYEFJdw

DpH7f8vnPVrWvmBWqpVlq3quMEcGA1UdIwRAMD6AFJdwDpH7f8vnPVrWvmBWqpVl

q3quoRukGTAXMRUwEwYDVQQDEwx0cnVzdC5uby5vbmWCCQC9EKLnNU5aBjAMBgNV

HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBTIS7CgRAmLTSukBOfMg0oi0Sj

B2ztF1aHb6XPn/kBRnmdXpdn86dyrAXpOYOVToWCxATKjx4cAXO7Cb9aOAhSJRfh

XXEB6dXnXESnyvuet4oyorPKqTmq7jEE30Mfnw7MqrgEM/dCy+IHIeK9SzETUUsA

+FkwtEppKYF6f3X5SeO4dxU9xZOxrinAWANESbE8r48PtaeL8oslRXqLHbVhZEW9

r0TXS3tWOyW17wKTIQt9DVZ1LaSGpU5rXCUyQR/RJ/fsYNEl2SMOMUIsMeFH3tZq

HfMqQUVFBYHpWCraMTxOUTS5PHdUoxW070Ygn3d1gLjN3EZONNo8CEhek/sC

—–END CERTIFICATE—–

—–BEGIN RSA PRIVATE KEY—–

MIIEpAIBAAKCAQEAw27conx/U3aMWGisG8FT2NyMb/TFX5PniJWU36rAYVzphsJl

uv+wXH3tzfAz6p1S9edzJFh4sylPNuD+a6iCYhVXTurLF39Ly+yx4eVC2FxCKcKj

PzUf32K+0pGlD+zAfBqc+4O2hAJxOmky2prGGE6MSFXiMjeIyM1458WhGHM1LPsi

9GDnEb+5iJyakUFijrJI+tu2dGfmdSj04yVcVBJbsvnragOaiZaObKy92RXWCEE3

YsjBVI2nTukm3RMzfdIg4llCpjZ4HphgqMtDH63sQzJJ8dJl0Fn17czQtOVphHU7

9Wksto664zUNIHOfDlnxP/UpOG+lPSsFMTH6SQIDAQABAoIBAQCm0IY7m5EDKPl6

rT3bIxXy0a5+Eaw3fQPwrd05XYKAmNIsWNqE16MuD79gPVvTMx6RD1JU/79nDiez

bDE+q8M+/YBcuEVKdTm5gvwDGbIJBBbllmHJngrqnlrLWc5O3YMfa4f7l92+qGcF

uK3TsrDMJp/PTp+YxZZX8Cr3itWLC6v41f7P8JH/QvDWVRdo01oNH3x6xwdcywak

IvDSyMFjX5UVR/uHyaYyd9ox96Tw3YbJwru4XOOhObePUe7k522ShzywY+/OESuu

y6xIe8vVJLcPEChQGmjCuDRE2UsEJ/AM3iT3VVoyHy/vUaiWnyF99wmsHE0/jT8p

2hsQtxwBAoGBAPabIyhBdgoQSa5GGaoMlPAs6B6eduFuBxbzXlFJonLVKO0e6pZI

/hkyeO1rlFWjNy2WhyN8ss9cFz0VX8x/0tj6TgUJRJ674aSpUq+kgYiZbgwPuCOk

Udxhu56/z8pkcpjBNbUTkT9EuQzLavKIpj2L7P/EhhSLuDJ6jMvHW+DpAoGBAMrg

sar4aEOk+nIqoewnHupHmyZqN3Y0QjmXF3r9lFHV5PHu9ZK+6vjDgrCJhDr+cr/q

OU+wJ8r9JH640y/BOXWdbsSysQWVWoLOEwbLd8iKwAfL6MDVyoXk3dP7BOo1fVJh

B6/vLWy5WObKlq9EfvqJeH7gXEZkgkulV4+/KnJhAoGAHeRgNpj4ve+Lftxwb/Rm

eVZ4LH342wqDQXzuidvrHRBJjbSZqu3eHx/HGMBZkqfeIGCGsP6Eji4Tgwv8OMWl

wTdWDbY54yPTDiqYI0JFkVFHzZ56K5fXdGdEXtHRVi8m1O1WnURp7sldxPdDV3LI

89zqNXaU6hilkzjXqDvaH0ECgYEAwmCL+VotU3pS9mWAZGmLBj57GVA1OUySkuj/

dzhUDiBYTbB8mw/Ow29W3Nu01G0L9nJsXLxTM/pcKAnfVWbVLaocAduPHeFeKetV

cXIqnvrJR+8HXxK3CpggLUTZDakYHICYw+jt5bijw+QggWaoHlTuHOnLnyoXaHDP

NwuamKECgYApD7C/UcHVC9W6yCORHmmwkerAPacXnKIPiXWOQzkLG7zKoDzsE3yi

BqmpA2hvAbFFXUBe86vj1HW8jQIa//TXYSYHks1wFEWcGVczWoETt9025FEr0qTy

ncJkQXo9N3yXgRQMui+7gPAfZa1jp151ATOzf9pnWfHJ74pLh5MvPQ==

—–END RSA PRIVATE KEY—–‘

You have now created a PSE store containing the “own” certificate with which your HANA instance will be registered in the IDP service.

Complete the Service Provider Settings

There are still a few properties of the metadata for your Service Provider which need to be set. This is done in the XS Admin Tool of your tenant DB. You can open this tool by appending “/sap/hana/xs/admin/#samlsp” to the Url of your HANA instance.

Service Provider Information

In the Service Provider Information tab, you should set your Organisation Name, Organisation Display Name and Organisation URL. To change the values, click on the Edit button in the lower right corner and click on Save once you’re done.

Service Provider Configuration

Not much to do here. Just set the Default Role to “PUBLIC”.

Making the IDP Trust Your HANA

In this step you will export the certificate of your HANA instance and register it as a Service Provider in the IDP.

Export HANA SAML Metadata

Now go to the Metadata tab of the SAML Service Provider UI in the XS Admin Tool. Select the complete XML content of the text field and copy and paste it to a local text file. Save that file with the ending xml.

Register Your Service Provider Metadata in the IDP

My development team has a tenant in an SAP test instance of the SAP Cloud Identity Service, so I will use that to demonstrate the process in this blog. This should work similarly with other IDP service offerings.

Log on to the SAP Cloud Identity Administration Console

Go to Applications

Click on + Add

Enter a new name and click on Save

Click on SAML 2.0 Configuration

In the Define from Metadata section click on the Browse… button

Select the xml metadata file for your Service Provider, which you created in the previous step

Click on Save

You have now set up the IDP to trust your HANA instance.

Making Your HANA Trust the IDP

We still need to set up the trust relation in the other direction, because right now your HANA system doesn’t know anything about the IDP.

Export the IDP Metadata

Again, I’m using the SAP Cloud Identity Service to demonstrate this.

Log on to the SAP Cloud Identity Administration Console

Go to Tenant Settings -> SAML 2.0 Configuration

Click on Download Metadata File at the very bottom of the window. This will create a metadata.xml file containing the IDP metadata to your local disc

At the bottom of the screen (please scroll down to the end) you will find the Signing Certificate. Copy the cryptic string from the Insert as Text field and paste it to a local text file.

Import the IDP Metadata Into HANA

Now this is a bit tricky, because for part of the information you will still use the “old” XS Admin Tool and other parts are handled now via SQL statements.

Create the HTTP Destinations

This is the part where you can still use the XS Admin Tool. There is probably a way to do all this by manually storing this information in the appropriate database tables in the HANA system, but this would require deeper knowledge of the internal table layout and semantics, so it’s easier to do it like this:

Go to the XS Admin Tool in your tenant database (appending “/sap/hana/xs/admin/#samlsp” to the URL of your HANA instance)

Go to SAML Identity Provider and click on +

Open the metadata.xml file you downloaded from the IDP in a text editor and copy and paste it to the Metadata input area

Click Save

Now the metadata is displayed in the General Data and Destination fields, but because of the new certificate handling introduced in HANA with SPS10 nothing was really stored. We now need a trick to get the General Data andDestination data actually stored in the appropriate HANA tables:

Delete all the text in the Identity Provider Metadata input field

Click on Save again (there will likely be an error displayed at this point, but don’t mind that)

Verify that the destination was stored in HANA by going to the Catalog view (in the SAP HANA Web-based Development Workbench or SAP HANA Studio) and check the _SYS_XS.HTTP_DESTINATIONS table:

Add the Certificate

Because the XS Admin Tool cannot store the actual certificate anymore (the storage was moved from the file system to the database, and the tool wasn’t updated for this), we now have to store the certificate with a SQL statement.

Use the certificate string you got from the step where you exported the metadata from the IDP and embed it in a ‘CREATE CERTIFICATE’ statement. Make sure to have the BEGIN/END CERTIFICATE tags surrounding your string with the exact amount of dashes. Line brakes should not matter here.

I found that I had to execute this statement in the HANA Studio as the Web-based Development Workbench gave me an error.

Now check the content of the SYS.CERTIFICATES view and look for the CERTIFICATE_ID of the IDP certificate you just created. You need this ID for the next step.

With this CERTIFICATE_ID you can now add the IDP certificate to the PSE used for the SAML authentication:

ALTER PSE TrustMe ADD CERTIFICATE 154178;

Check the view SYS.PSE_CERTIFICATES, it should now have two entries, one with CERTIFICATE_USAGE OWN and one with TRUST

You have now fully configured the trust relationship between your HANA instance and the IDP for the sake of SAML authentication!

Setting Up the Application For SAML Authentication

What is still left to do is to configure the Hello World application to use SAML authentication instead of basic authentication.

Again, go to the XS Admin Tool in your tenant database (appending /sap/hana/xs/admin/#” to the URL of your HANA instance)

Select XS Artifact Administration

Navigate to the package where you created your Hello World application

Click on Edit

In Authentication Methods tick the SAML checkbox and select the IDP configuration created in step 2

Untick all other checkboxes

Click Save

The configuration should now look like this:

Testing the Application

The User ID of my user in the IDP is “P000001”, as we can see in the user administration UI of the SAP Cloud Identity tenant:

We expect this ID to show up in the Hello World application once we log using the SAML authentication.

Remember the application URL from when we first tested it? Paste it in a private browsing window or even another browser (we want to avoid any caching problems).

Instead of the logon screen of your HANA system you should now see the logon screen of your IDP (assuming that you have not set up single sign-on, in which case you would be either directly redirected to the application, or asked by the browser to use a certificate for authentication).

Once you log in, the application UI is displayed. When you now click on the Call Backend button, instead of the SYSTEM user the user ID of the user from the Identity Provider should be displayed.

Note: if you did not tick the Dynamic User Creation checkbox in step 2 you need to create the user in the HANA instance manually, otherwise you will see an error message that the user does not exist.

Closing Thoughts

I hope this blog is of help to anyone who wants to try such a scenario. The next step would be to try and add single sign-on.

Admittedly, the process to set up SAML authentication is not the smoothest. Especially the need to use the HANA Studio for multiline statements and the disjoint of the XS Admin Tool with the new certificate storage make it a bit of an adventure to configure this. I am certain that these points will be addressed in one of the next HANA versions.

I’d also like to give a big shout-out to my team-mate, architect and HANA whisperer Eduard Bartsch who guided me through some of the most tricky parts of this procedure.

Success in the IoT requires new levels of speed, agility, and flexibility, not just from the systems delivering IoT services but also from the people charged with making those services happen.

Hyperconnectivity, the concept synonymous with the Internet of Things (IoT), is the emerging face of IT in which applications, machine-based sensors, and high-speed networks merge to create constantly updated streams of data. Hyperconnectivity can enable new business processes and services and help companies make better day-to-day decisions. In a recent survey by the Economist Intelligence Unit, 6 of 10 CIOs said that not being able to adapt for hyperconnectivity is a “grave risk” totheir business.

IoT technologies are beginning to drive new competitive advantage by helping consumers manage their lives (Amazon Echo), save money (Ôasys water usage monitoring), and secure their homes (August Smart Lock). The IoT also has the potential to save lives. In healthcare, this means streaming data from patient monitoring devices to keep caregivers informed of critical indicators or preventing equipment failures in the ER. In manufacturing, the IoT helps drive down the cost of production through real-time alerts on the shop floor that indicate machine issues and automatically correct problems. That means lower costs for consumers.

Several experts from the IT world share their ideas on the challenges and opportunities in this rapidly expanding sector.

Where are the most exciting and viable opportunities right now for companies looking into IoT strategies to drive their business?

Mike Kavis: The best use case is optimizing manufacturing by knowing immediately what machines or parts need maintenance, which can improve quality and achieve faster time to market. Agriculture is all over this as well. Farms are looking at how they can collect information about the environment to optimize yield. Even insurance companies are getting more information about their customers and delivering custom solutions. Pricing is related to risk, and in the past that has been linked to demographics. If you are a teenager, you are automatically deemed a higher risk, but now providers can tap into usage data on how the vehicle is being driven and give you a lower rate if you present a lower risk. That can be a competitive advantage.

Dinesh Sharma: Let me give you an example from mining. If you have sensored power tools and you have a full real-time view of your assets, you can position them in the appropriate places. Wearable technology lets you know where the people who might need these tools are, which then enables more efficient use of your assets. The mine is more efficient, which means reduced costs, and that ultimately results in a margin advantage over your competition. Over time, the competitive advantage will build and there will be more money to invest in further digital transformation capabilities. Meanwhile, other mining companies that aren’t investing in these technologies fall further behind.

With the IoT, how should CIOs and other executives think and act differently?

Martha Heller: The points of connection between IT and the business should be as strategic and consultative as possible. For example, the folks from IT who work directly with R&D, marketing, and data scientists should be unencumbered with issues such as network reliability, help desk issues, and application support. Their job is to be a business leader and to focus on innovative ideas, not to worry for an instant about “Oh your e-mail isn’t working?” There’s also obviously the need for speed and agility. We’ve got to find a way to transform a business idea into something that the businessperson can touch and feel as quickly as possible.

Greg Kahn: Companies are realizing that they need to partner with others to move the IoT promise forward. It’s not feasible that one company can create an entire ecosystem on their own. After all, a consumer might own a Dell laptop, a Samsung TV, an Apple watch, a Nest device, an August Smart Lock, and a Whirlpool refrigerator.

It is highly unrealistic to think that consumers will exchange all of their electronic equipment and appliances for new “connected devices.” They are more likely to accept bridge solutions (such as what Amazon is offering with its Dash Replenishment Service and Echo) that supplement existing products. CIOs and other C-suite executives will need to embrace partnerships boldly and spend considerable time strategizing with like-minded individuals at other companies. They should also consider setting up internal venture arms or accelerators as a way to develop new solutions to challenges that the IoT will bring.

What is the emerging technology strategy for effectively enabling the IoT?

Kavis: IT organizations are still torn between DIY cloud and public cloud, yet with the IoT and the petabytes of data being produced, it changes the thinking. Is it really economical to build this on your own when you can get the storage for pennies in the cloud? The IoT also requires a different architecture that is highly distributed, can process high volumes of data, and has high availability to manage real-time data streaming.

On-premise systems aren’t really made for these challenges, whereas the public cloud is built for autoscaling. The hardest part is connecting all the sensors and securing them. Cloud providers, however, are bringing to market IoT platforms that connect the sensors to the cloud infrastructure, so developers can start creating business logic and applications on top of the data. Vendors are taking care of the IT plumbing of getting data into the systems and handling all that complexity so the CIO doesn’t need to be the expert.

Kahn: All organizations, regardless of whether they outsource data storage and analysis or keep it in house, need to be ready for the influx of information that’s going to be generated by IoT devices. It is an order of magnitude greater than what we see today. Those that can quickly leverage that data to improve operational efficiency, and consumer engagement will win.

Sharma: The future is going to be characterized by machine interactions with core business systems instead of by human interactions. Having a platform that understands what’s going on inside a store – the traffic near certain products together with point-of-sale data – means we can observe when there’s been a lot of traffic but the product’s just not selling. Or if we can see that certain products are selling well, we can feed that data directly into our supply chain. So without any human interaction, when we start to see changes in buying behavior we can update our predictive models. And if we see traffic increasing in another part of the store in a similar pattern we can refine the algorithm. We can automatically increase supply of the product that’s in the other part of the store. The concept of a core system that runs your process and workflow for your business but is hyperconnected will be essential in the future.

Privacy and security are a few of the top concerns with hyperconnectivity. Are there any useful approaches yet?

Kavis: We have a lot less control over what is coming into companies from all these devices, which is creating many more openings for hackers to get inside an organization. There will be specialized security platforms and services to address this, and hardware companies are putting security on sensors in the field. The IoT offers great opportunities for security experts wanting to specialize in this area.

Kahn: The privacy and security issues are not going to be solved anytime soon. Firms will have to learn how to continually develop new defense mechanisms to thwart cyber threats. We’ve seen that play out in the United States. In the past two years, data breaches have occurred at both brick-and-mortar and online retailers. The brick-and-mortar retail industry responded with a new encryption device: the chip card payment reader. I believe it will become a cost of business going forward to continually create new encryption capabilities. I have two immediate suggestions for companies: (1) develop multifactor authentication to limit the threat of cyber attacks, and (2) put protocols in place whereby you can shut down portions of systems quickly if breaches do occur, thereby protecting as much data as possible.

A slow but steady revolution is occurring in the world of learning. If you have a child between the ages of 5 and 18 living at home, you’re probably seeing it unfold every day. Want to confirm you got your math problem correct? Just ask Siri. Need to understand how weather balloons work for a science project? Check out The Weather Channel Kids Web site. Forgot your homework assignment? Ask a friend to snap it and send it on Instagram.

The future of learning is here and it’s digital, social, continuous, and highly immersive. For companies, traditional training methods, such as classrooms, are still relevant, but they are no longer the prime delivery method for learning. They are slow to set up, are expensive, and consume too many productive hours. Many companies are beginning to view the classroom as a strategy for customized educational needs, such as corporate strategy or branding.

Static online-learning tools, such as asynchronous simulations and narrated slide decks, are not engaging enough to be effective as a replacement for live training, however. Meanwhile, many employees are unable to keep up with technological advances that affect their everyday work processes. Because knowledge becomes obsolete so quickly, people need continuous, always-on learning.

CGI, a global IT consulting company with 68,000 employees, was struggling with this very problem. Classroom training for consultants couldn’t keep up with the education required to service clients with sophisticated technology needs. CGI adopted a cloud-based learning platform to bridge the gap. The system, which can be personalized to the learner, includes video-based courses and online-learning rooms to foster social learning opportunities with other students and instructors. CGI is now training 50% more consultants, and learners are consuming 50% more training content than in the past.

The move to continuous, on-demand learning is also saving CGI money and enabling it to onboard new consultants faster. “It is a ‘moment of need’ reference tool that helps our employees in their day-to-day tasks,” says Bernd Knobel, a director at CGI.

Workforce and economic drivers for learning transformation

Learning needs are growing across all disciplines of content due to the speed of globalization, competition, and new disruptive business practices. During the fallout from the 2008 global recession, companies scaled back on organizational development, but that’s beginning to change as companies struggle to rebuild their businesses, says Josef Bastian, a senior learning performance consultant with Alteris Group.

The same forces that drove CGI to abandon the classroom are being felt across industries. The main drivers for change include:

1. Creating competitive advantage

Uber, Netflix, Amazon, Airbnb, Bloom Energy, and health insurer Oscar are among the companies considered highly disruptive in their markets today. They achieved innovation and market share by looking ahead and taking advantage of new technologies faster than competitors or in novel ways. Digital learning enables companies to stay ahead of the curve. Companies need to understand the new technologies before they are even available, so that they can understand the impact on the business and even invent new business models.

2. Closing the skills gap

We are now in an era that will rival the Industrial Age in terms of transformation. For example, a financial analyst today needs to know how to work with Big Data, including how to ask the right questions and how to use the related information systems. Jim Carroll, a speaker, consultant, and author on business transformation, uses the automotive industry as one rubric for change. “You’ve got folks who are struggling with all this new high-tech gear inside the car or the dashboard,” says Carroll. “And you look at a typical auto dealer or the person manufacturing a car, and the knowledge they need to do their job today is infinitely more complex than it was even 5 or 10 years ago.”

3. Retaining and motivating a new workforce

By 2025, Millennials will make up 75% of the workforce, according to the Brookings Institution. Various studies have shown that Millennials crave learning and collaboration and will do whatever it takes to get the information they need expediently. “I’ve got two sons who are 20 and 22 and they seem to learn in an entirely new and different way,” Carroll says. “To borrow from Pink Floyd, it is short, sharp shocks of knowledge ingested. They won’t sit down and read 50 pages of a textbook.” Sophisticated learning programs are one way to keep this generation engaged. “Millennials will be an increasing challenge for companies to attract and retain because of their high expectations,” says Bastian. “They’re not interested just in money but also in a career path and the opportunity for diverse experiences.”

It’s risky to assume that your business isn’t in a prime spot for disruption (see “Corporate Learning Trends”). Companies will need to adapt or suffer the consequence of a disengaged and unprepared workforce. An Oxford Economics Workforce 2020 survey found that the top concern of employees is the risk of becoming obsolete; nearly 40% of North American respondents said that their current skills will not be adequate in three years, and only 41% of global respondents said that their companies are giving them opportunities to develop new skills.

Corporate Learning Trends

Nearly 40% of North American respondents said that their current job skills will not be adequate in three years, with the majority agreeing that the need for technology skills, especially in analytics and programming, will grow.

Less than half (47%) of executives say they have a culture of continuous learning. A similar percentage says that trouble finding employees with base-level skills is affecting their workforce strategy.

Spending on technology education in the Americas will have a compound annual growth rate (CAGR) of4.2% from 2014 to 2019, with the highest growth in the United States for collaborative applications (11.9% CAGR), followed by data management applications (7.8%).

The global e-learning market was worth US$24 billion in 2013, with predicted growth of $31.6 billion by 2018.

Of the $31.6 billion predicted worldwide spend on corporate e-learning by 2018, $22.5 billion will be on content.

A majority of chief learning officers (57%) say that learning technology is a significant priority for spending.

In 2014, 32.6% of training was delivered through e-learning (asynchronous and synchronous); 30.4% took place in the classroom, 18.9% was on the job, and 18.1% was “other,” which includes video and text.

E-learning is the preferred method for developing IT skills, said 34% of participants, compared with 29.2% for classroom training. For developing business skills, an overwhelming 57.3% chose classroom training.

Evolution of learning: personal, social, mobile, and continuous

Online courses have become a standard way to gain knowledge, and that’s shifting to even more interactive learning through mobile, which is available anywhere and anytime. Like many large companies, SAP had created a vast library over time of more than 50,000 training assets, which was cumbersome to navigate and manage.The curriculum was organized across regions, lines of business, and disciplines. As a result, mapping learning to broader business goals was difficult.

To modernize its learning environment, SAP deployed a cloud-based learning management system and a social collaboration tool. Today, more than 74,000 employees can create personalized training through a combination of online self-study that incorporates video and documentation, social learning tools for exchanging ideas with other employees, and hands-on practice using SAP applications in a sandbox environment.

Now the company is engaging four times more employees in learning activities than it did with the older on-premise learning management system (LMS). The new approach is also creating between €35 million and €45 million in increased operating profit with just a 1% increase in engagement. Administrative costs have decreased by €600 per new content item added. Managers and employees alike can create and access learning paths much more easily and track progress from their personal pages. This integrated, simple-to-use online-learning approach is an example of how learning departments need to evolve to stay relevant.

There are several characteristics of digital learning transformation:

Micro-learning. The concept of breaking lessons into smaller bites minimizes productivity disruptions and mirrors consumer behavior of watching three-minute videos and reading social media to get information on anything under the sun. Micro-learning is perfect for learning how to write a business plan, develop code in Ruby on Rails, or learn about a manufacturer’s latest appliance before a service call, for example. It can mean segmenting a longer course into small lessons, which the employee could view over lunch or in the evening from home. Several Alteris clients are now looking to deploy mobile learning apps, ideal for micro-learning, as the main delivery platform, says Bastian. These apps work best when integrated with the LMS and HR systems and push relevant material to users based on their learning profile.

Self-serve learning. Just-in-time learning is critical when learning needs accelerate. Companies can help by providing continually updated tools and content that can be accessed from any device, at the moment of need. It’s the best way for learning departments to keep up with employees’ needs; you can schedule only so many Webinars and classroom training courses.

Learning as entertainment. Gamification has been hot in marketing for a few years and is also a viable tool for corporate learning. New employees at Canadian telecommunications company TELUS earn badges as they complete different orientation tasks, such as creating a profile on the corporate social network. Leaders can spend eight weeks coaching a virtual Olympic speed-skating team, competing against colleagues to earn gold medals. Winning requires demonstrating the leadership behaviors that TELUS values.Training is also starting to incorporate virtual reality. For example, the U.S. military is using a gaming platform that incorporates avatars to create simulations that train soldiers to deal with dangerous or problematic situations. “This is more immersive and has the potential to help with the human connection failings of online learning,” says Joe Carella, managing director of executive education at the University of Arizona. Regardless of the method, adding an element of fun and recognition for reaching milestones is important for capturing the attention of younger workers who have grown up on games and apps.

Social learning. Learning is an emotional experience and most people don’t want to be alone when they learn. In that regard, social media models can be profoundly valuable because they foster sharing and collaboration, which helps employees retain the knowledge they gain through formal training programs. That’s why social collaboration platforms have become as important to the overall learning strategy as the specific types of training delivery methods themselves.

User-generated content. A common theme spanning all of the previously mentioned areas has played out in mainstream media and social media over the past few years. “What learners value the most today is the raw, user-created content over the highly polished corporate-created content,” says Elliott Masie, founder of The MASIE Center, a think tank focused on learning and knowledge in the workforce. “What’s really fascinating is that this trend is creating a town-square model where learners are ripe to learn from others.”

Video. “Almost anyone can produce a training video, and it’s technically more convenient than ever before,” says Cushing Anderson, a VP and analyst focusing on HR and learning at IDC. “Digital learning is often about substituting convenience for perfect quality.”

Universities and MOOCs: What We’ve Learned So Far

Degrees and certifications have been going online through massive open online courses (MOOCs) for a few years, reflecting the changing needs of students as well as the escalating costs of traditional education.

Threatened with disruption from independent MOOC startups such as Coursera and Udacity, universities and colleges have scrambled to keep pace. More than 80% now offer several courses online and more than half offer a significant number of courses online, according to the EDUCAUSE Center for Analysis and Research. The survey found that more than two-thirds of academic leaders believe that online learning is critical to the long-term strategic mission of their institutions.

MOOCs have delivered a transformation of higher learning that wasn’t possible a decade ago, when access to a Harvard professor was available only to the elite few who had earned their place in those hallowed halls and who could afford the stratospheric tuition.

However, MOOCs have not been proven out yet as an effective replacement for traditional degrees, much less the acquisition of knowledge. Completion rates for courses are low, and MOOCs so far seem best suited for technical or tactical topics or as a supplement to the classroom, observes Joe Carella, managing director of executive education at the University of Arizona.

Yet MOOCs are playing a growing role in companies. Getting access to real business experts, such as a well-known speaker like Jim Collins, is especially valuable for a small or midsize business that couldn’t afford to hire that individual otherwise.

Making the shift

For decades, corporate learning departments have delivered education through a fairly narrow, top-down funnel: curriculum is designed months ahead of time and learning paths are structured for targeted roles in the organization. In moving toward accelerated, continuous learning, chief learning officers will need to help foster a culture of accountability and excitement around learning, as follows:

Develop a close alignment between learning departments and senior business leaders to understand skill gaps, customer needs, and employee shortfalls.

Become a content curator and take on a customer service role in the business.

Ensure that learning is specific to the individual and relates to specific business and career goals.

Have managers help by motivating and guiding employees through the tools, helping them develop personalized plans, and monitoring their progress.

In most cases, companies should be relatively hands-off when it comes to employee learning, says Eilif Trondsen, director of learning, innovation, and virtual technologies at Strategic Business Insights. “It is the responsibility of the workers to learn and acquire the needed skills and competencies for their jobs,” says Trondsen, “and it’s important to monitor the outcomes and not micromanage the process they use for getting there.”

However, it’s important that leaders motivate employees to learn by setting a good example. At TELUS, a company vice president started an internal online community and his own blog to share information about working in his division. The company views corporate learning not as curriculum but as a set of experiences, including classroom courses, online training, coaching, mentoring, and informal collaboration. TELUS measures the direct impact of learning through surveys of both employees and their managers. One metric reports on the learning tools that are most effective for acquiring different types of knowledge, while another measures return on performance from a specific learning program.

Measuring learning effectiveness is a difficult key performance indicator, just as customer engagement is, yet digital learning platforms often have built-in analytics to create a starting point. The analytics allows companies to run reports on usage to see what’s most effective and to retire those assets that aren’t being used. Ultimately, companies should work toward connecting the dots between learning outcomes and business outcomes, such as attrition, employee engagement, and sales growth.

The human equation of digital learning

Today and into the future, no matter the technology or method deployed, excellent learning depends on excellent instructors. They must have credibility with their audiences or the program will flop. For example, when Sun Microsystems (now owned by Oracle) first offered e-learning on its programming language, Java, customers balked because they wanted to know who the expert behind the course was, just like in a classroom. So Sun included a video introduction by the original developer of Java, James Gosling, and the program took off.

Another caution with digital learning is that it can never replace the five senses one gets in a physical setting and lacks spontaneity. “With e-learning, you can pause the course whenever you wish, but sometimes breakthroughs happen when you are out of your comfort zone and challenged,” Carella says. A discussion can merge into a novel direction in ways that don’t typically happen when people are chatting online. Ideally, online learning should be interspersed with in-person educational experiences, whether that’s attending a classroom training or meeting with a mentor.

Blending formal and informal training, as well as offline and online training, is a historical trend that will continue, says Masie, who also leads The Learning CONSORTIUM, a coalition of 230 global organizations, including CNN, Walmart, Starbucks, and American Express. Incorporating multiple modes of learning is critically important for gaining knowledge that sticks.

“A learner who isn’t motivated will sit in front of the screen and complete a course but may never actually develop the skill,” he says. To close the loop, managers and learning departments can develop a process that includes practice, feedback, and on-the-job experience.

The long-term goal of digital learning: grow the business

As executives consider how learning and training should evolve, a grounding consideration is the level of commitment. Few companies spend enough on it, says IDC’s Anderson. Those with world-class training programs can gain an edge in hiring and possibly even in the market. Introducing innovative learning tools and programs that allow employees to study independently and experiment with new ideas is also motivating, which can lead to higher engagement, productivity gains, and even bottom-line benefits. In fact, says Masie, research has shown that organizations that invest at least 3% of income on learning have better stock performance and employee retention.

Digital marketers know they must measure and optimize all of their efforts, with the goal of increasing sales. They must also be able to prove a positive return on their investments. That said, digital marketers are constantly on the hunt for the latest technologies to help with both.

Shopping Cart Abandonment Emails Report Highest ROI

The highest ROI reported is from shopping cart abandonment emails. This shouldn’t be a surprise — 72 percent of site visitors that place items into an online shopping cart don’t make the purchase. Since they did almost purchase, cart abandoners are now your best prospects. And, a sequence of carefully timed emails will recover between 10-30 percent of them.

It’s these types of recovery rates that propel shopping cart abandonment emails to the top. They generate millions in incremental revenue for only a small effort and cost.

Retargeted Ads Complement Shopping Cart Abandonment Emails

The second most successful technique is retargeted advertising, a fantastic complement to shopping cart abandonment emails. Retargeted advertising works in a similar way, by nudging visitors to return to a website after they have left. And while retargeted advertising works across the entire funnel — from landing to purchase — the biggest opportunities lie where there is some level of intent to purchase, such as browsing category and product pages.

While the two techniques deliver a high ROI, they are definitely not the same. For example, brands using SeeWhy’s Conversion Manager to engage their shopping cart recovery emails average a 46 percent open rate and 15 percent click-through rate. Retargeted ads, by comparison, average a 0.3 percent click-through rate.

See the difference?

The real power comes when you combine the two techniques together — using retargeted advertising when no email address has been captured and email remarketing when it has.

Don’t “Set ‘Em and Forget ‘Em”

To achieve the highest possible ROI combining cart abandonment emails with retargeted advertising, you should plan to test and tune your campaigns. It’s dangerous to go live with your new campaign and then ‘set it and forget it.’ Testing and tuning your campaign can double or triple your revenues. SeeWhy tracks more than $1B in Gross Market Value ecommerce revenues annually and analyzes this data to understand what factors have the biggest impact on conversion.

A SeeWhy study of more than 650,000 individual ecommerce transactions last year concluded that the optimal time for remarketing is immediately following abandonment. Of those visitors that don’t buy, 72 percent will return and purchase within the first 12 hours.

So timing is one of the critical factors; waiting 24 hours or more means that you’re missing at least 3 out of 4 of your opportunities to drive conversions. For example, a shopping cart recovery email campaign sent by Brand A 24 hours after abandonment may be its top performing campaign. But this campaign delivers half the return of Brand B’s equivalent campaign which is real time.

Scores of new technologies and techniques will clamor for your attention, making bold claims about their ROI and conversion. But if they aren’t capable of combining shopping cart abandonment emails and retargeted ads, the two biggest ROI drivers in the industry, then they aren’t worth your time.

Partner managed cloud takes the private cloud and application management one step further and enables our customer to use the traditional on-premise SAP solutions through their private cloud on a subscription basis.

Providing customers all the benefits of a cloud consumption model –

Pay as you go economics

Rapid time-to-value

Low total cost of ownership

Scalability and flexibility in deployment

These features are coupled with fully managed, enterprise-class SAP solutions that traditionally were only available on premise.

ITChamps, who are trusted SAP partners will be the One Stop Shop for this service and will provide customers get the high end solution they want without having to incur capital expenditure.

Primary drivers for the TCO reduction are the combined result of key SAP’s Partner Managed Cloud (PMC) components:

Economies of scale from Cloud-based infrastructure

Scalability–increase/decrease system usage on demand without wasted or underutilized systems for backup, development, and Quality Assurance

Flexibility–business process changes can quickly be reflected in IT infrastructure

Speed–Fast deployment and provisioning speeds time to value and lowers wait time, improving productivity

Lower costs from application management services

Pooled Resources –Expertise is spread across multiple customers, thereby making it cheaper on a per customer basis than if customers staffed dedicated SAP resources

Automation / Standardization –Combines automated processes for provisioning, management and monitoring with virtualization across customers, along with standardized packages for implementation, upgrades, and patches